[HN Gopher] A hands-on introduction to static code analysis
       ___________________________________________________________________
        
       A hands-on introduction to static code analysis
        
       Author : dolftax
       Score  : 105 points
       Date   : 2020-05-04 17:54 UTC (5 hours ago)
        
 (HTM) web link (deepsource.io)
 (TXT) w3m dump (deepsource.io)
        
       | flohofwoe wrote:
       | Slightly tangential to what the article is about, but at least in
       | the C/C++ world, the most important change to make static
       | analysis popular for "the rest of us" was probably Xcode's
       | decision to integrate clang analyzer right into the Xcode UI
       | under a menu item (Xcode doesn't do many things right, but this
       | is definitely one of the very good features).
       | 
       | This way, analyzing the code is a simple "button press" and works
       | out of the box on every Xcode project.
       | 
       | Soon after, Microsoft followed suit in Visual Studio (even though
       | in my experience, the MS analyzer doesn't catch quite as many
       | things as the clang analyzer).
       | 
       | Before that, static analyzers were those no doubt useful but
       | obscure "magic tools" which were very hard to integrate into an
       | existing build process.
       | 
       | Even the most useful tool will be ignored when it is hard to use.
        
         | saagarjha wrote:
         | Somewhat annoyingly, the static analyzer that ships with Xcode
         | doesn't seem to be packaged separately as in the command line
         | tools...
        
           | tasty_freeze wrote:
           | Same with the profiling tools.
        
           | flohofwoe wrote:
           | Hmm, command-line clang accepts a --analyze option here
           | ("Apple clang version 11.0.0"), and this seems to give
           | additional output over the regular warnings. I'm not sure if
           | that's the same thing as the analyzer integrated into Xcode,
           | but some sort of static analyzer seems to be there.
        
       | UncleMeat wrote:
       | It's good to see discussions of static analysis, but I often feel
       | that these blog posts do a disservice to the techniques. The post
       | leads by mentioning applications like bugfinding and security
       | vuln detection but the examples here are barely above local
       | syntactic checks. This is the common scenario in the majority of
       | blog posts I see about static analysis, probably because it is
       | just much easier to put together a quick write up on AST-linting.
       | Heck, this article has a diagram that directly states that an AST
       | is the input to a static analysis module, but that is true only
       | for some kinds of things!
       | 
       | AST level analysis is certainly useful. Everybody should be using
       | some sort of style checker. But AST pattern matching is a
       | _completely_ different technique from the stuff used to do
       | bugfinding that I worry that these blog posts will give the wrong
       | impression about what static analysis can do and what it can't
       | do.
       | 
       | I'd love to see blog posts about interprocedural pointer
       | analysis, for example.
        
         | rj722 wrote:
         | Article author here. Agree that the post merely touches the
         | surface for static analysis -- because it was aimed towards an
         | audience looking for an introduction to static analysis. The
         | scope for the examples in this post had to be limited for this
         | reason.
         | 
         | Inter-procedural pointer analysis -- Yes, a lot trickier
         | than these, but definitely juicier. Will try to write a
         | post on it in the coming weeks.
        
           | UncleMeat wrote:
           | I think limiting the scope is fine in general. But one small
           | suggestion would be to make it more clear that this is just
           | one very simple technique. This does not come across at all
           | in the blog post. The diagram you show, for example, seems to
           | state that this is just how static analyses work - they are
           | given ASTs to work with. Or at the very least include some
           | examples of semantic properties. It seems incongruent when
           | you describe static analysis as understanding the behavior of
           | the program without running it and then use examples that are
           | about syntactic style violations.
        
           | onemoresoop wrote:
           | The article is great and it is clear it is intended for
           | beginners. Everything is explained as for beginners which is
           | good. A second part is very welcome.
        
         | itsspring wrote:
         | I want to read more on this topic. Have you written about this
         | anywhere, or do you have a pointer/suggestion?
        
           | chas wrote:
           | This article gets more into actual analysis of program state
           | and execution:
           | http://matt.might.net/articles/intro-static-analysis/
           | 
           | If you want to go deeper, Principles of Program Analysis is a
           | popular reference: Principles of Program Analysis
           | https://www.amazon.com/dp/3540654100/
        
       | saagarjha wrote:
       | The kinds of analyses mentioned here are typically grouped under
       | "linting" -- more advanced static analysis tools will typically do
       | things like dataflow analysis.
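
The distinction drawn in this comment, as an added example (not part of the thread or the linked article): a purely syntactic AST check next to a minimal forward taint analysis, both run over the same constructed Python snippet. Treating `input()` as the taint source and `os.system()` as the sink, and handling only straight-line top-level code, are assumptions made for the example.

```python
import ast

# Constructed sample program to analyse (only parsed, never executed).
SAMPLE = '''
import os
name = input()
greeting = "hello " + name
cmd = "echo " + greeting
banner = "date"
os.system(cmd)
os.system(banner)
'''

def _is_call_to(node, dotted):
    """True if node is a call whose callee unparses to `dotted`."""
    return isinstance(node, ast.Call) and ast.unparse(node.func) == dotted

def ast_lint(src):
    """Syntactic check: flag every os.system() whose argument is not a literal."""
    return sorted(n.lineno for n in ast.walk(ast.parse(src))
                  if _is_call_to(n, "os.system") and n.args
                  and not isinstance(n.args[0], ast.Constant))

def taint_check(src):
    """Forward dataflow: track which names are derived from input()."""
    tainted, findings = set(), []

    def is_tainted(expr):
        # An expression is tainted if it calls input() or reads a tainted name.
        return any(_is_call_to(n, "input")
                   or (isinstance(n, ast.Name) and n.id in tainted)
                   for n in ast.walk(expr))

    for stmt in ast.parse(src).body:
        if isinstance(stmt, ast.Assign):
            targets = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
            if is_tainted(stmt.value):
                tainted |= targets
            else:
                tainted -= targets  # reassignment from clean data kills the taint
        elif isinstance(stmt, ast.Expr) and _is_call_to(stmt.value, "os.system"):
            if stmt.value.args and is_tainted(stmt.value.args[0]):
                findings.append(stmt.lineno)
    return findings
```

On the sample, the syntactic check reports both `os.system` calls because neither argument is a literal, while the taint pass reports only the call whose argument is reachable from `input()`.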
        
         | dmos62 wrote:
         | I too would be interested in interesting static code analyses
         | (that are beyond linting).
        
         | g_delgado14 wrote:
         | Any beginner friendly articles on more advanced analysis that
         | you'd recommend?
        
           | jjtheblunt wrote:
           | https://en.wikipedia.org/wiki/Static_single_assignment_form
        
           | kaidon wrote:
           | Maybe a bit tangential, but still interesting:
           | 
           | https://cacm.acm.org/magazines/2010/2/69354-a-few-billion-
           | li...
        
       | pwaivers wrote:
       | Thanks for this article, dolftax! I followed all the examples on
       | my machine with no problem, and I learned some new stuff.
       | 
       | I have a question: how difficult is it to implement the ast? It
       | seems like that is the bulk of the work for this static code
       | analysis.
        
       ___________________________________________________________________
       (page generated 2020-05-04 23:00 UTC)